Announcement

Collapse
No announcement yet.

Connect to AD without joining the domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Connect to AD without joining the domain

    Hi All,

    I`m trying to connect to the AD from a local workstation which has not joined the domain i want to connect to.
    I have a user acount for that domain, however, i`m unable to join the domain cause i don``t have the rights to do that action.

    I want to query the AD to see which server hosts the exchange role. So I can connect to the exchange server without joining the domain.

    I`ve tried runas mmc with the active directory users and computer addin. But that was not possible.
    When i use mmc ad users and computers and want to connect to domain i`m unable to give in any credentials, so that doesn`t work either.

    When i want to acces the netlogon share on the dc, i`m able to connect with my credentials.

    Any idea`s about this issue ?

  • #2
    Re: Connect to AD without joining the domain

    If you have only user rights in that domain, this infers there are admins for that domain. Have you spoken to them about what you're trying to accomplish? In effect, you want to get past the restrictions of security currently in force on the domain which prevent unauthorised access by non-admin persons or rogue machines.

    As a domain admin, I wouldn't let such a thing happen, to a domain controller or an Exchange server, without some very strong convincing. In fact, unless my boss ordered me to assist in this, it wouldn't happen.

    If there is a business requirement for this kind of thing, your admins should be involved, as they will be held responsible for fixing anything that goes wrong. And since downtime costs money, management won't be best pleased.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment


    • #3
      Re: Connect to AD without joining the domain

      Create the local user account on the your computer with exact the same name and password as your domain account, login to the your local computer using that account.
      This way you can have some access to the active directory from the your not domain member computer on the same security level as your existing domain account has.
      It should not violate any restrictions because you will use your active directory credentials which was given to you by the administrator I hope.

      Comment


      • #4
        Re: Connect to AD without joining the domain

        Originally posted by RicklesP View Post
        If you have only user rights in that domain, this infers there are admins for that domain. Have you spoken to them about what you're trying to accomplish? In effect, you want to get past the restrictions of security currently in force on the domain which prevent unauthorised access by non-admin persons or rogue machines.

        As a domain admin, I wouldn't let such a thing happen, to a domain controller or an Exchange server, without some very strong convincing. In fact, unless my boss ordered me to assist in this, it wouldn't happen.

        If there is a business requirement for this kind of thing, your admins should be involved, as they will be held responsible for fixing anything that goes wrong. And since downtime costs money, management won't be best pleased.
        Well, in kindda way, i`m passing security measures. Here`s my explain. I allways work at home, have a 12 inch laptop thinghy from the business. So, I don`t wanna use it because I have a nice desktop with 3 * 22 inche screens. I`ve virtualised my laptop to a vm and am running that from the desktop.

        So yes, bypassing security measures from my laptop, however, was allready blocking the logon script on my laptop as is was admin on my laptop. The login script kept pushing sccm packages which i didn`t need. (I however dit allways use automatic windows updates and checked if my virusscanner was up to date. )

        Off course my laptop has joined the domain, however, my vm on my desktop not. Its a kindda bring your own device issue, but then at home

        Comment


        • #5
          Re: Connect to AD without joining the domain

          Originally posted by tAnk View Post
          Create the local user account on the your computer with exact the same name and password as your domain account, login to the your local computer using that account.
          This way you can have some access to the active directory from the your not domain member computer on the same security level as your existing domain account has.
          It should not violate any restrictions because you will use your active directory credentials which was given to you by the administrator I hope.

          Thanks mate, works like a charm.

          Comment

          Working...
          X